Summary

The AlienVault product team has released a hotfix (v5.5.1) to address a vulnerability discovered in USM Appliance and AlienVault OSSIM. Recently, a security researcher (Henry Huang) at CyCarrier CSIRT identified a remote code execution vulnerability in the USM Appliance web interface. After thorough analysis, it was determined that the severity of the vulnerability warranted a hotfix update.

If your USM Appliance is exposed to the internet, it is critical to patch immediately.

This vulnerability has been assigned CVE-2018-7279. CyCarrier has agreed to let AlienVault evaluate and patch this vulnerability before making the information publicly available. Our internal security researchers have evaluated the CVSS Overall score to be "8.4".

What We Have Done

We have identified and resolved the issue. An update is now available on the AlienVault update server. Applying the update will patch your system(s) and eliminate the vulnerability.

What You Should Do

All AlienVault OSSIM and USM Appliance customers should upgrade. All previous versions of AlienVault OSSIM and USM Appliance are vulnerable.

I know it says to contact support for the Offline Update for 5.5.1. I've contacted Support and so far they have sent me the link to the offline ISO for 5.5.0 and 5.1.1, neither of which I requested or need.

I wanted to report back here to help anybody who might be in my same position. There is no offline ISO for this hotfix, but rather you need to get support to link you to the file 'ossim-framework_253a5.5.0-30_all.deb'. Once you have this file, you can use AlienVault's CLI to run a 'dpkg -i ossim-framework_253a5.5.0-30_all.deb' and get the file installed.